    #include <qsossl.h>

    int SSL_Init(SSLInit* init)

The SSL_Init() function is used to establish the SSL security information to be used for all SSL sessions for the current job. The SSL_Init() API establishes the certificate and the associated public and private key information for use by the SSL handshake protocol processing when acting as a server or when acting as a client. The certificate and key information is needed by an application that is acting as a client in the situations where the client is connecting to a server which has enabled and requires client authentication.

    struct SSLInitStr {                        /* SSLInitStr */
        char*               keyringFileName;   /* Key ring file name */
        char*               keyringPassword;   /* Key ring file password */
        unsigned short int* cipherSuiteList;   /* List of cipher suites */
        unsigned int        cipherSuiteListLen; /* number of entries in the cipher suites list */
    };

The fields within the SSLInit structure as pointed to by init are defined as follows:
This parameter is assumed to be represented in the CCSID (coded character set identifier) currently in effect for the job. If the CCSID of the job is 65535, this parameter is assumed to be represented in the default CCSID of the job.
See QlgSSL_Init()--Initialize the Current Job for SSL (using NLS-enabled path name) for a description of supplying the keyringFileName in any CCSID.
If this parameter's value is equal to NULL, then the SSL_Init() support will attempt to extract the key database password that has been securely stored on the system.
This parameter is assumed to be represented in the CCSID (coded character set identifier) currently in effect for the job. If the CCSID of the job is 65535, this parameter is assumed to be represented in the default CCSID of the job.
The caller specifies the preferred order of the cipher specifications. The cipher specification values, shown here not in preferred or strength order, are defined in <qsossl.h> as the following:
C Constant | Hex | System Value | |
---|---|---|---|
TLS_RSA_WITH_NULL_MD5 | 0x0001 | *RSA_NULL_MD5 | |
TLS_RSA_WITH_NULL_SHA | 0x0002 | *RSA_NULL_SHA | |
TLS_RSA_EXPORT_WITH_RC4_40_MD5 | 0x0003 | *RSA_EXPORT_RC4_40_MD5 | |
TLS_RSA_WITH_RC4_128_MD5 | 0x0004 | *RSA_RC4_128_MD5 | |
TLS_RSA_WITH_RC4_128_SHA | 0x0005 | *RSA_RC4_128_SHA | |
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 | 0x0006 | *RSA_EXPORT_RC2_CBC_40_MD5 | |
TLS_RSA_WITH_DES_CBC_SHA | 0x0009 | *RSA_DES_CBC_SHA | |
TLS_RSA_WITH_3DES_EDE_CBC_SHA | 0x000A | *RSA_3DES_EDE_CBC_SHA | |
TLS_RSA_WITH_AES_128_CBC_SHA | 0x002F | *RSA_AES_128_CBC_SHA | (TLS Version 1.x only) |
TLS_RSA_WITH_AES_256_CBC_SHA | 0x0035 | *RSA_AES_256_CBC_SHA | (TLS Version 1.x only) |
TLS_RSA_WITH_NULL_SHA256 | 0x003B | *RSA_NULL_SHA256 | (TLS Version 1.2 only) |
TLS_RSA_WITH_AES_128_CBC_SHA256 | 0x003C | *RSA_AES_128_CBC_SHA256 | (TLS Version 1.2 only) |
TLS_RSA_WITH_AES_256_CBC_SHA256 | 0x003D | *RSA_AES_256_CBC_SHA256 | (TLS Version 1.2 only) |
TLS_RSA_WITH_RC2_CBC_128_MD5 | 0xFF01 | *RSA_RC2_CBC_128_MD5 | (SSL Version 2 only) |
TLS_RSA_WITH_DES_CBC_MD5 | 0xFF02 | *RSA_DES_CBC_MD5 | (SSL Version 2 only) |
TLS_RSA_WITH_3DES_EDE_CBC_MD5 | 0xFF03 | *RSA_3DES_EDE_CBC_MD5 | (SSL Version 2 only) |
Notes:
C Constant | System Value |
---|---|
TLS_RSA_WITH_AES_128_CBC_SHA256 | *RSA_AES_128_CBC_SHA256 |
TLS_RSA_WITH_AES_128_CBC_SHA | *RSA_AES_128_CBC_SHA |
TLS_RSA_WITH_AES_256_CBC_SHA256 | *RSA_AES_256_CBC_SHA256 |
TLS_RSA_WITH_AES_256_CBC_SHA | *RSA_AES_256_CBC_SHA |
The current default cipher suite list can be different from the install time list due to changes made to the QSSLCSL (SSL cipher specification list) system value via the Change System Value (CHGSYSVAL) command. A cipher suite removed from the SSL cipher specification list will also be removed from the default cipher suite list shown here. A cipher suite removed from the eligible default cipher specification list using System Service Tools (SST) Advanced Analysis Command SSLCONFIG will also be removed from the default cipher suite list shown here. For additional information see the help text for SSLCONFIG. The order of the cipher suites in QSSLCSL will be used to order the cipher suites in the default list.
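An added example, not from the original page or from IBM's code: one way to vet a caller-supplied cipherSuiteList before filling the structure for SSL_Init(), keeping only the four AES suites that make up the default list and leaving keyringPassword NULL so the securely stored password is used. The struct is re-declared from this page so the code compiles off IBM i; refuse_reason() and build_init() are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>

/* Mirrors the SSLInitStr layout shown on this page; on IBM i include <qsossl.h>. */
struct SSLInitStr {
    char *keyringFileName;
    char *keyringPassword;
    unsigned short int *cipherSuiteList;
    unsigned int cipherSuiteListLen;
};

/* Why a suite is refused; NULL means acceptable. Hex values are from the page's table. */
const char *refuse_reason(unsigned short suite)
{
    switch (suite) {
    case 0x002F: case 0x0035: case 0x003C: case 0x003D: return NULL; /* AES, default list */
    case 0x0001: case 0x0002: case 0x003B: return "NULL cipher, no encryption";
    case 0x0003: case 0x0006:              return "export-grade 40-bit key";
    case 0x0004: case 0x0005:              return "RC4";
    case 0x0009: case 0x000A:              return "DES or 3DES, 64-bit block";
    case 0xFF01: case 0xFF02: case 0xFF03: return "SSL Version 2 only";
    default:                               return "not in the documented table";
    }
}

/* Hypothetical helper: keep the acceptable suites from wanted[] in the caller's
   preference order, write them to out[] (which must have room for n entries)
   and fill *init. Returns the number kept, or -1 when nothing acceptable remains. */
int build_init(struct SSLInitStr *init, char *keyring,
               const unsigned short *wanted, size_t n, unsigned short *out)
{
    unsigned int kept = 0;
    for (size_t i = 0; i < n; i++) {
        const char *why = refuse_reason(wanted[i]);
        if (why)
            fprintf(stderr, "dropping 0x%04X: %s\n", (unsigned)wanted[i], why);
        else
            out[kept++] = wanted[i];
    }
    if (kept == 0)
        return -1;                  /* do not hand SSL_Init() an emptied list */
    init->keyringFileName = keyring;
    init->keyringPassword = NULL;   /* per the page: use the securely stored password */
    init->cipherSuiteList = out;
    init->cipherSuiteListLen = kept;
    return (int)kept;
}
```

On IBM i the filled structure would then be passed to SSL_Init(); a request of 0x003D, 0x0005, 0x003C, 0x003B keeps 0x003D and 0x003C in that order.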
Authorization of *R (allow access to the object) to the key database file and its associated files is required.
The SSL_Init() API returns an integer. Possible values are:
Successful return
A cipher suite that is not valid was specified.
An error occurred in SSL processing; check the errno value.
The specified key ring password has expired.
No key ring file was specified.
SSL is not available for use.
Operation is not supported by SSL.
None of the specified protocol or cipher values are supported by System SSL.
An unknown or unexpected error occurred during SSL processing.
When the SSL_Init() API fails with return code [SSL_ERROR_IO], errno can be set to:
Parameter not valid.
Permission denied.
This error code indicates one of the following:
Descriptor not valid.
This error code indicates one of the following:
Bad address.
The system detected an address that was not valid while attempting to access the init parameter or one of the address fields in the init parameter.
The protocol required to support the specified address family is not available at this time.
Unknown system state.
Message ID | Error Message Text |
---|---|
CPE3418 E | Possible APAR condition or hardware failure. |
CPF9872 E | Program or service program &1 in library &2 ended. Reason code &3. |
CPFA081 E | Unable to set return value or error code. |